The security of a data communication system is of prime concern to any user of such a system. Each link in a system must be secure and the interface between successive links must also be secure. At the same time, access to the system by a legitimate user must be facilitated so as not to impede the flow of information or the usefulness of the system.
The flow of information within a system is usually secured by one or more cryptographic functions deployed at different stages. These functions will make use of cryptographic keys and rely on those keys to secure the system. A proper analysis of the security of a system therefore includes the potential access to the keys that are used.
Users are generally treated as the weakest link in the information security chain. A user's main contribution to security is the relatively low-entropy password that is used to gain access to the system. A user's long-term keys, if any, are generally stored in a device and encrypted with the password. The entropy of a user's password is a measure of the randomness in the password and is usually expressed in bits. A 20-bit random number has 2^20 values and is said to have 20 bits of entropy. Therefore, a password with 20 bits of entropy is as hard to guess as a 20-bit random number. The entropy of a password also represents the relative cost to an adversary of extracting the key from its password-encrypted form, which would be approximately 2^20 password-decryptions in this example. Access to the stored password-encrypted user key by a given password should therefore be limited to below this value.
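The limit described above can be sketched as follows. This is an added example, not part of the original text: the class name, the PBKDF2 key derivation, the XOR wrapping (a stand-in for a real authenticated cipher) and the `max_success_prob` parameter are all assumptions, and it presumes the device holding the encrypted key enforces the counter.

```python
from __future__ import annotations
import hashlib, hmac, os

def _derive(password: str, salt: bytes) -> tuple[bytes, bytes]:
    # PBKDF2 is a stand-in KDF; the text does not name one.
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000, dklen=64)
    return dk[:32], dk[32:]          # (encryption key, MAC key)

class LimitedKeyStore:
    """Holds a password-encrypted user key and a budget of failed unlocks."""

    def __init__(self, user_key: bytes, password: str,
                 entropy_bits: int, max_success_prob: float):
        if len(user_key) > 32:
            raise ValueError("this sketch wraps keys of at most 32 bytes")
        self._salt = os.urandom(16)
        enc_key, mac_key = _derive(password, self._salt)
        # XOR with a fresh derived key stands in for a real AEAD cipher.
        self._ct = bytes(a ^ b for a, b in zip(user_key, enc_key))
        self._tag = hmac.new(mac_key, self._ct, hashlib.sha256).digest()
        # n guesses succeed with probability about n / 2**entropy_bits,
        # so cap n to keep that below max_success_prob.
        self.attempts_left = max(1, int(max_success_prob * 2 ** entropy_bits))

    def unlock(self, password: str) -> bytes | None:
        if self.attempts_left <= 0:
            raise PermissionError("guess budget exhausted; key is locked")
        enc_key, mac_key = _derive(password, self._salt)
        tag = hmac.new(mac_key, self._ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, self._tag):
            self.attempts_left -= 1   # each wrong guess spends budget
            return None
        return bytes(a ^ b for a, b in zip(self._ct, enc_key))

def demo() -> tuple[int, bool]:
    # Constructed sample: a 20-bit password with a 1-in-1024 risk target.
    store = LimitedKeyStore(os.urandom(32), "constructed-pw", 20, 2 ** -10)
    budget = store.attempts_left
    return budget, store.unlock("wrong-guess") is None

if __name__ == "__main__":
    print(demo())
```

The budget only protects the key while the encrypted blob stays inside the device that counts attempts; a copy of the blob outside it can be tried without limit.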
Passwords may provide adequate security in many applications. However, the low-entropy nature of passwords is not intrinsic to human nature, but rather to the computer user interface. Human memory, including memory of personal secrets, has a capacity far greater than what is needed for a secure cryptographic key. Unfortunately, keyboard entry of passwords (or passphrases) has a relatively low entropy input rate per character stroke, and as the number of character strokes increases, so does user inconvenience and the chance of user error.
There is therefore the need for an interface that permits high entropy passwords to be utilized in a convenient manner. Accordingly, the longer the password required, the more likely it is that a well known phrase will be used, and therefore the easier it is for an adversary to guess.